General Settings

Severity

By default, Tenable Vulnerability Management uses CVSSv2 scores to calculate severity for individual vulnerability instances. If you want Tenable Vulnerability Management to calculate the severity of vulnerabilities using CVSSv3 scores (when available), you can configure your severity metric setting.

Tip: A vulnerability instance is a single instance of a vulnerability appearing on an asset, identified uniquely by plugin ID, port, and protocol.

For information about severity and the ranges for CVSSv2 and CVSSv3, see CVSS vs. VPR.

Note: This setting does not affect the following:

Tenable Web App Scanning vulnerabilities.
Tenable Container Security vulnerabilities.
The calculations displayed in the SLA Progress: Vulnerability Age widget. To modify your SLA severity, navigate to the Service-Level Agreement (SLA) tab on the General page.

Caution: When changing your CVSS severity metric setting, the new setting is only reflected in new findings that come into your system. Any existing findings only reflect the previous severity setting (unless otherwise recasted). For more information on recast rules, see Recast/Accept Rules.

To configure your severity setting:

On the Severity tab, select the metric that you want Tenable Vulnerability Management to use for severity calculations.
- CVSSv2 — Use CVSSv2 scores for all severity calculations.
- CVSSv3 — Use CVSSv3 scores, when available, for all severity calculations. Use CVSSv2 only if a CVSSv3 score is not available.
Click Save.
The system saves your change and begins calculating severity based on your selection.

All vulnerabilities seen before the change retain their severity. After the change, all vulnerabilities seen during scans receive severities based on your new selection. Because of this, you could see two sightings of the same vulnerability have two different CVSS scores and severities.

Tip: A vulnerability instance is a single instance of a vulnerability appearing on an asset, identified uniquely by plugin ID, port, and protocol.

Service-Level Agreement (SLA)

You can configure Service Level Agreement (SLA) settings to modify how Tenable calculates your SLA data.

You can view this data in the SLA Progress: Vulnerability Age widget on the Vulnerability Management Overview dashboard. For more information, see Vulnerability Management Dashboard.

To configure your SLA settings:

Click the Service-Level Agreement (SLA) tab.

The SLA options appear.

Configure the following options:

Option	Default	Description/Actions
Vulnerability Age SLA	Critical 7 days High 30 days Medium 60 days Low 180 days	To modify the number of days included for each severity, type an integer in the box next to Critical, High, Medium, or Low.
Override Vulnerability Severity Metric	VPR	Specifies whether Tenable uses VPR severity, CVSSv2 severity, or CVSSv3 severity to calculate SLA data. For more information about these metrics, see CVSS vs. VPR. Note: This option affects only the calculations displayed in the SLA Progress: Vulnerability Age widget. To modify the severity metric for all other areas of the product, navigate to the Severity tab on the General page.
Vulnerability Age Metric	First Seen	Specifies whether Tenable uses First Seen or Published Date to calculate SLA data.

Option

Default

Description/Actions

Vulnerability Age SLA

Critical 7 days
High 30 days
Medium 60 days
Low 180 days

To modify the number of days included for each severity, type an integer in the box next to Critical, High, Medium, or Low.

Override Vulnerability Severity Metric

VPR

Specifies whether Tenable uses VPR severity, CVSSv2 severity, or CVSSv3 severity to calculate SLA data.

For more information about these metrics, see CVSS vs. VPR.

Note: This option affects only the calculations displayed in the SLA Progress: Vulnerability Age widget. To modify the severity metric for all other areas of the product, navigate to the Severity tab on the General page.

Vulnerability Age Metric

First Seen

Specifies whether Tenable uses First Seen or Published Date to calculate SLA data.

Click Save.

Tenable Vulnerability Management saves your SLA settings.

Language

On the General page, you can change the plugin language in your Tenable Vulnerability Management container to English, Japanese, Simplified Chinese, or Traditional Chinese. This setting affects all users in the container.

To change the plugin language:

In the upper-left corner, click the button.

The left navigation plane appears.
In the left navigation plane, click Settings.

The Settings page appears.

Click the General tile.

The General tile appears. By default, the Severity tab is active.
Click the Language tab.

The Language tab appears.
Under Language, select a new language.

Tenable Vulnerability Management updates the plugin language for your container.

Exports

To configure your default export expiration:

When you create an export, you can set an expiration delay for the export file up to 30 calendar days, which is the maximum number of days that Tenable Vulnerability Management allows before your export files expire.

By default, any exports you create in Tenable Vulnerability Management have an expiration date of 30 days. If you want to decrease the number of days that Tenable Vulnerability Management allows before your export files expire, you can configure your default export expiration days.

Click the Exports tab.

The Export Expiration options appear.
In the Default Expiration box, type the number of days you want to Tenable Vulnerability Management to allow before your exports expire.

Note: Tenable Vulnerability Management allows you to set a maximum of 30 calendar days for export expiration.

Note: You must type the number of days as an integer between 1 and 30.
Click Save.

Tenable Vulnerability Management saves your settings and updates the number of allowable days before your exports expire.

Search

Enabling plugin output data retention allows Tenable Vulnerability Management to store your plugin output data each time you launch a scan. You can then filter your vulnerability findings by plugin output. For more information, see Findings Filters.

Note: Tenable automatically disables this setting if it is unused for 35 days. Re-enable the setting to conduct a search on plugin output for all scans from that point onward. Only use this setting if you need to perform regular searches within the Explore user interface.

Once you have enabled plugin output data retention, you must launch a scan so that Tenable Vulnerability Management can identify and store your plugin output data.

Caution: You cannot disable plugin output data retention once you have enabled it.

To enable plugin output data retention:

In the left navigation plane, click the Search tab.

The search options appear.
Click the Enable Regex Search on Plugin Output toggle.
Click Save.

Tenable Vulnerability Management enables plugin output data retention on your account.

What to do next:

Launch a scan for your host assets.

Scanning

In the Scanning section, you can change how Tenable Vulnerability Management handles info-level plugins with two settings.

Caution:Tenable is removing these settings for all customers over the coming weeks. Contact your Tenable representative for more information.

Process High-Traffic Info Plugins

Disable this setting to stop Tenable Vulnerability Management from generating an individual finding for every open port on every scanned host. Disabling this setting reduces scan time and scan result export time, while enabling it may significantly increase these times. For more information, see Platform Performance Improvement FAQ - Info Plugins.

The following plugin IDs are impacted

34220 - Netstat Portscanner (WMI)
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
11219 - Nessus SYN Scanner
14272 - Netstat Portscanner (SSH)
25221 - Remote listeners enumeration (Linux / AIX)
10736 - DCE Services Enumeration
99265 - macOS Remote Listeners Enumeration
10335 - Nessus TCP scanner
14274 - Nessus SNMP Scanner
34277 - Nessus UDP Scanner

Tip: For more information about these plugins, see the Tenable Plugins site.

Relocate Open Port Findings

Enable this setting to change how Tenable Vulnerability Management handles open port findings by displaying them on the Asset Details page instead of the Findings workbench. To learn about the impact this change may have on your organization, see Tenable Vulnerability Management New Data Format: Relocate Open Port Findings.

Note: When you enable Relocate Open Port Findings, you no longer receive open port findings data in your third-party integrations, since open ports are no longer stored as individual findings.

This setting does the following:

Moves open port findings from the Findings workbench to the Asset Details page. The Asset Details page appears when you click a host asset on the Assets workbench.

Open port findings from the following high-traffic plugins move to the Asset Details page

34220 - Netstat Portscanner (WMI)
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
11219 - Nessus SYN Scanner
14272 - Netstat Portscanner (SSH)
25221 - Remote listeners enumeration (Linux / AIX)
10736 - DCE Services Enumeration
99265 - macOS Remote Listeners Enumeration
10335 - Nessus TCP scanner
14274 - Nessus SNMP Scanner
34277 - Nessus UDP Scanner

Enables the Open Ports tab on the Asset Details page, which now contains open port findings.
Enables the Open Ports filter on the Assets workbench, where you can search for open ports on host assets.
Enables the Open Ports rule on the Tags page, so you can tag open ports.
Adds an Open Ports field to the Assets workbench, so you can export open port data.
(Optional) Adds open port findings to the bulk asset export API. To learn more, see the API changelog in the Tenable Developer Portal. To request this feature, contact your Tenable Customer Success Manager.